Hololoot Code: Under the Knife
Addressing our C-Risk and updating our Certik audit
Before our TGE last year, we commissioned Certik to perform a full audit of our token smart contracts. As anyone who has been in crypto for a while knows, these audits are essential not only for giving confidence to the community and investors, but also for ensuring internally that we’ve ticked all the important security boxes.
We were incredibly pleased with the results of the audit, which highlighted only one major centralization risk. We acknowledged this in the report and outlined the steps we were taking to resolve it.
We’re happy to say that the risk has been resolved, and that Certik is updating our audit on their leaderboard.
The Hololoot C-Risk
When our contract was initially audited, Certik identified a centralization risk associated with our TransactionThrottler smart contract. This risk meant that the Owner role had authority over several functions in the contract. If the Owner role was compromised, the attacker could change any of the parameters this account had authority over.
Most of the functions related to the deployment of our token on December 14, which is why we had to retain direct access to the role during this critical period. However, once our token was in circulation there would be no urgent need for a single owner to retain control over the permissions, which is why in our acknowledgement of the risk we outlined our resolution.
In the original Certik report we committed to assigning the Owner role to our Gnosis Safe multi-sig wallet after the TGE. This would increase the security of the contract significantly and mitigate the centralization risk originally highlighted.
And so, right after our TGE, that’s exactly what we did.
On December 27, 2021, we assigned the Owner role of the TransactionThrottler contract to our Gnosis Safe multi-sig wallet, which can be found at:
With this mitigation, all the issues highlighted by Certik have been resolved.
Keeping things squeaky clean
We believe in decentralization, and we believe in the incredible benefits of blockchain. But with decentralization comes risk — there are no central authorities to enforce laws, which is why auditors like Certik are so important.
We need our community and investors to trust us, which is why we commissioned the best audit group in crypto to inspect our contracts. We were relieved to see no other major problems were detected outside of the centralization risk outlined in the initial report, and with this step towards decentralization we can now proudly say that our contracts are as clean as can be.
It’s very good practice to read the audits of any project you plan to invest in, and it’s also much more interesting than it sounds.
Make sure you’re following us on all our social channels. We regularly post about all sorts of exciting things, like audits, AR and NFTs — and make sure you read that report 👩‍🏫